Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/DKDFP2gQRp9KHwmwkthfr83mzGw.roa
File:                     DKDFP2gQRp9KHwmwkthfr83mzGw.roa (raw, json)
Hash identifier:          9OBGVf++KNTjhVSAHAFjkDNuotBTTyX92bB5HvFz8bc=
Subject key identifier:   0C:A0:C5:3F:68:10:46:9F:4A:1F:09:B0:92:D8:5F:AF:CD:E6:CC:6C
Certificate issuer:       /CN=9422958431af5347bfd80e35503ddb48e71cf4d6
Certificate serial:       018E40DB1C0CA604D2BA506876AEED7D23A6
Authority key identifier: 94:22:95:84:31:AF:53:47:BF:D8:0E:35:50:3D:DB:48:E7:1C:F4:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lCKVhDGvU0e_2A41UD3bSOcc9NY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/DKDFP2gQRp9KHwmwkthfr83mzGw.roa
Signing time:             Fri 15 Mar 2024 06:44:45 +0000
ROA not before:           Fri 15 Mar 2024 06:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61206
IP address blocks:        193.169.213.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/lCKVhDGvU0e_2A41UD3bSOcc9NY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/lCKVhDGvU0e_2A41UD3bSOcc9NY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lCKVhDGvU0e_2A41UD3bSOcc9NY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:40:db:1c:0c:a6:04:d2:ba:50:68:76:ae:ed:7d:23:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9422958431af5347bfd80e35503ddb48e71cf4d6
        Validity
            Not Before: Mar 15 06:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ca0c53f6810469f4a1f09b092d85fafcde6cc6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:98:93:0e:0d:f0:25:b4:f6:e5:7b:fb:80:1c:
                    8b:09:6e:87:63:13:49:53:0d:2d:60:25:4a:63:a6:
                    70:ac:44:33:bb:c8:76:d6:5c:06:0a:1d:92:4e:dc:
                    5c:1e:b4:28:7b:0a:6d:b3:2c:22:f7:a8:c4:3e:a3:
                    78:a4:28:6b:fa:e6:0d:97:30:5a:a8:56:31:33:a3:
                    5d:f8:66:d8:a1:35:b5:85:c8:49:49:d2:4b:38:e0:
                    bd:94:66:ff:1b:6c:f0:ee:67:29:0a:50:fd:8e:94:
                    fe:e2:67:b3:dd:82:f7:75:61:ae:52:d0:eb:37:79:
                    4f:a5:1c:af:63:f6:1b:7b:7a:7b:14:bc:2a:29:0e:
                    30:30:8e:9e:cb:81:30:d9:c4:cc:96:1b:46:a0:c1:
                    92:f3:61:28:8f:9a:09:a5:d3:37:06:a0:88:94:69:
                    6d:1d:ec:73:ec:4a:39:ee:23:31:0e:64:e5:2d:a4:
                    9e:1a:37:90:4a:f0:c5:4d:a5:1e:09:3b:fb:60:4f:
                    7a:3f:1d:1d:08:c4:01:f0:84:9b:fe:b0:8b:08:17:
                    74:b3:3d:61:47:ed:ec:68:76:5f:75:e0:7d:59:38:
                    7e:3f:f4:e0:24:25:90:e5:d4:90:14:6c:e6:87:7d:
                    df:33:71:3e:b4:c0:58:41:dd:96:f9:e6:51:22:5d:
                    02:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:A0:C5:3F:68:10:46:9F:4A:1F:09:B0:92:D8:5F:AF:CD:E6:CC:6C
            X509v3 Authority Key Identifier:
                keyid:94:22:95:84:31:AF:53:47:BF:D8:0E:35:50:3D:DB:48:E7:1C:F4:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCKVhDGvU0e_2A41UD3bSOcc9NY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/DKDFP2gQRp9KHwmwkthfr83mzGw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/755468-2acc-4e9b-a5ea-e8a083f56ace/1/lCKVhDGvU0e_2A41UD3bSOcc9NY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.169.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:63:e5:4f:08:ef:55:2c:c6:d0:00:2b:8e:1b:4b:82:57:9e:
         8a:5e:58:52:6d:cb:4f:e1:45:99:84:1b:78:90:9f:51:20:ab:
         dd:cb:ac:63:17:6d:86:56:b1:82:c7:f1:8f:82:8c:59:ce:be:
         56:db:84:d3:9d:de:94:5d:f3:f5:1e:ec:d3:f1:5f:d7:1c:28:
         b6:5c:8c:60:a8:5f:31:fc:a6:6e:69:c7:02:21:d4:e1:f9:6a:
         9f:60:03:8e:a3:51:27:64:8d:a5:7e:ab:31:e1:95:18:2d:fe:
         3b:5a:a4:8f:c3:8d:ca:93:de:ab:62:49:6c:da:2b:39:ad:3e:
         0c:10:14:77:34:36:0c:17:60:18:ce:6d:1c:6b:f1:63:83:76:
         6f:d9:72:cb:fc:1d:56:77:04:e5:60:69:56:c4:f8:87:f1:54:
         d0:11:b9:e4:57:0a:b5:33:e7:ac:73:57:a3:f6:f1:69:ae:b3:
         fc:b9:0c:7a:35:ba:fd:1c:e2:80:fd:15:ec:75:dd:6c:d5:b5:
         23:f1:1e:ef:94:f6:5c:2f:6e:ba:4a:3a:63:c9:1e:06:4e:03:
         e4:2b:6e:83:12:ce:bd:b7:fb:8d:72:9a:16:ea:58:b2:ed:16:
         bd:eb:f7:62:77:b9:99:ef:b7:4d:3a:1e:18:ed:6b:2d:ab:02:
         51:38:91:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5A2xwMpgTSulBodq7tfSOmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjI5NTg0MzFhZjUzNDdiZmQ4MGUzNTUwM2RkYjQ4ZTcx
Y2Y0ZDYwHhcNMjQwMzE1MDY0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2EwYzUzZjY4MTA0NjlmNGExZjA5YjA5MmQ4NWZhZmNkZTZjYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJiTDg3wJbT25Xv7gByLCW6HYxNJ
Uw0tYCVKY6ZwrEQzu8h21lwGCh2STtxcHrQoewptsywi96jEPqN4pChr+uYNlzBa
qFYxM6Nd+GbYoTW1hchJSdJLOOC9lGb/G2zw7mcpClD9jpT+4mez3YL3dWGuUtDr
N3lPpRyvY/Ybe3p7FLwqKQ4wMI6ey4Ew2cTMlhtGoMGS82Eoj5oJpdM3BqCIlGlt
Hexz7Eo57iMxDmTlLaSeGjeQSvDFTaUeCTv7YE96Px0dCMQB8ISb/rCLCBd0sz1h
R+3saHZfdeB9WTh+P/TgJCWQ5dSQFGzmh33fM3E+tMBYQd2W+eZRIl0CjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAygxT9oEEafSh8JsJLYX6/N5sxsMB8GA1UdIwQY
MBaAFJQilYQxr1NHv9gONVA920jnHPTWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENLVmhER3ZVMGVfMkE0MVVEM2JTT2NjOU5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi83NTU0NjgtMmFjYy00ZTliLWE1ZWEt
ZThhMDgzZjU2YWNlLzEvREtERlAyZ1FScDlLSHdtd2t0aGZyODNtekd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi83NTU0NjgtMmFjYy00ZTliLWE1ZWEtZThhMDgzZjU2YWNl
LzEvbENLVmhER3ZVMGVfMkE0MVVEM2JTT2NjOU5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwanVMA0G
CSqGSIb3DQEBCwUAA4IBAQAWY+VPCO9VLMbQACuOG0uCV56KXlhSbctP4UWZhBt4
kJ9RIKvdy6xjF22GVrGCx/GPgoxZzr5W24TTnd6UXfP1HuzT8V/XHCi2XIxgqF8x
/KZuaccCIdTh+WqfYAOOo1EnZI2lfqsx4ZUYLf47WqSPw43Kk96rYkls2is5rT4M
EBR3NDYMF2AYzm0ca/Fjg3Zv2XLL/B1WdwTlYGlWxPiH8VTQEbnkVwq1M+esc1ej
9vFprrP8uQx6Nbr9HOKA/RXsdd1s1bUj8R7vlPZcL266SjpjyR4GTgPkK26DEs69
t/uNcpoW6liy7Ra96/did7mZ77dNOh4Y7WstqwJROJHo
-----END CERTIFICATE-----